Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-04-16 06:02:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

correct key type and message size for ML-KEM-512
Some checks are pending
Build Debian packages / bookworm (push) Waiting to run
Details
Build Debian packages / bullseye (push) Waiting to run
Details
Build Debian packages / buster (push) Waiting to run
Details
Build on FreeBSD / with UPnP (push) Waiting to run
Details
Build on OSX / With USE_UPNP=no (push) Waiting to run
Details
Build on OSX / With USE_UPNP=yes (push) Waiting to run
Details
Build on Windows / clang-x86_64 (push) Waiting to run
Details
Build on Windows / i686 (push) Waiting to run
Details
Build on Windows / ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / x86_64 (push) Waiting to run
Details
Build on Windows / CMake clang-x86_64 (push) Waiting to run
Details
Build on Windows / CMake i686 (push) Waiting to run
Details
Build on Windows / CMake ucrt-x86_64 (push) Waiting to run
Details
Build on Windows / CMake x86_64 (push) Waiting to run
Details
Build on Windows / XP (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=no (push) Waiting to run
Details
Build on Ubuntu / Make with USE_UPNP=yes (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=OFF (push) Waiting to run
Details
Build on Ubuntu / CMake with -DWITH_UPNP=ON (push) Waiting to run
Details
Build containers / Building container for linux/amd64 (push) Waiting to run
Details
Build containers / Building container for linux/arm64 (push) Waiting to run
Details
Build containers / Building container for linux/arm/v7 (push) Waiting to run
Details
Build containers / Building container for linux/386 (push) Waiting to run
Details
Build containers / Pushing merged manifest (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
orignal 2025-04-05 18:12:38 -04:00
parent bce0ccf161
commit 2f2ecc32d2
1 changed files with 23 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
libi2pd/ECIESX25519AEADRatchetSession.cpp
View file

@ -274,22 +274,24 @@ namespace garlic
i2p::crypto::InitNoiseIKStateMLKEM512 (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)); // bpk i2p::crypto::InitNoiseIKStateMLKEM512 (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)); // bpk
MixHash (m_Aepk, 32); // h = SHA256(h || aepk) MixHash (m_Aepk, 32); // h = SHA256(h || aepk)
if (GetOwner ()->Decrypt (m_Aepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, aepk) if (GetOwner ()->Decrypt (m_Aepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)) // x25519(bsk, aepk)
{ {
MixKey (sharedSecret); MixKey (sharedSecret);
uint8_t nonce[12], encapsKey[i2p::crypto::MLKEM512_KEY_LENGTH]; uint8_t nonce[12], encapsKey[i2p::crypto::MLKEM512_KEY_LENGTH];
CreateNonce (n, nonce); CreateNonce (n, nonce);
if (i2p::crypto::AEADChaCha20Poly1305 (buf, i2p::crypto::MLKEM512_KEY_LENGTH, if (i2p::crypto::AEADChaCha20Poly1305 (buf, i2p::crypto::MLKEM512_KEY_LENGTH,
m_H, 32, m_CK + 32, nonce, encapsKey, i2p::crypto::MLKEM512_KEY_LENGTH , false)) // decrypt m_H, 32, m_CK + 32, nonce, encapsKey, i2p::crypto::MLKEM512_KEY_LENGTH, false)) // decrypt
{ {
decrypted = true; // encaps section has right hash decrypted = true; // encaps section has right hash
MixHash (buf, i2p::crypto::MLKEM512_KEY_LENGTH); MixHash (buf, i2p::crypto::MLKEM512_KEY_LENGTH + 16);
buf += i2p::crypto::MLKEM512_KEY_LENGTH + 16;
len -= i2p::crypto::MLKEM512_KEY_LENGTH + 16;
n++; n++;
m_PQKeys = std::make_unique<i2p::crypto::MLKEM512Keys>(); m_PQKeys = std::make_unique<i2p::crypto::MLKEM512Keys>();
m_PQKeys->SetPublicKey (encapsKey); m_PQKeys->SetPublicKey (encapsKey);
} }
} }
} }
#endif #endif
@ -579,7 +581,7 @@ namespace garlic
CreateNonce (n, nonce); CreateNonce (n, nonce);
const uint8_t * fs; const uint8_t * fs;
if (isStatic) if (isStatic)
fs = GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); fs = GetOwner ()->GetEncryptionPublicKey (m_RemoteStaticKeyType);
else else
{ {
memset (out + offset, 0, 32); // all zeros flags section memset (out + offset, 0, 32); // all zeros flags section
@ -596,7 +598,7 @@ namespace garlic
// KDF2 // KDF2
if (isStatic) if (isStatic)
{ {
GetOwner ()->Decrypt (m_RemoteStaticKey, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // x25519 (ask, bpk) GetOwner ()->Decrypt (m_RemoteStaticKey, sharedSecret, m_RemoteStaticKeyType); // x25519 (ask, bpk)
MixKey (sharedSecret); MixKey (sharedSecret);
} }
else else
@ -665,7 +667,7 @@ namespace garlic
{ {
uint8_t kemCiphertext[i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH]; uint8_t kemCiphertext[i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH];
m_PQKeys->Encaps (kemCiphertext, sharedSecret); m_PQKeys->Encaps (kemCiphertext, sharedSecret);
if (!i2p::crypto::AEADChaCha20Poly1305 (kemCiphertext, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH, if (!i2p::crypto::AEADChaCha20Poly1305 (kemCiphertext, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH,
m_H, 32, m_CK + 32, nonce, out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16, true)) // encrypt m_H, 32, m_CK + 32, nonce, out + offset, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16, true)) // encrypt
{ {
@ -761,7 +763,7 @@ namespace garlic
return false; return false;
} }
MixKey (sharedSecret); MixKey (sharedSecret);
GetOwner ()->Decrypt (bepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // x25519 (ask, bepk) GetOwner ()->Decrypt (bepk, sharedSecret, m_RemoteStaticKeyType); // x25519 (ask, bepk)
MixKey (sharedSecret); MixKey (sharedSecret);
uint8_t nonce[12]; uint8_t nonce[12];
@ -779,6 +781,7 @@ namespace garlic
} }
MixHash (buf, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16); MixHash (buf, i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16);
buf += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16; buf += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16;
len -= i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16;
// decaps // decaps
m_PQKeys->Decaps (kemCiphertext, sharedSecret); m_PQKeys->Decaps (kemCiphertext, sharedSecret);
MixKey (sharedSecret); MixKey (sharedSecret);
@ -945,7 +948,11 @@ namespace garlic
if (!payload) return nullptr; if (!payload) return nullptr;
size_t len = CreatePayload (msg, m_State != eSessionStateEstablished, payload); size_t len = CreatePayload (msg, m_State != eSessionStateEstablished, payload);
if (!len) return nullptr; if (!len) return nullptr;
#if OPENSSL_PQ
auto m = NewI2NPMessage (len + (m_State == eSessionStateEstablished ? 28 : i2p::crypto::MLKEM512_KEY_LENGTH + 116));
#else
auto m = NewI2NPMessage (len + 100); // 96 + 4 auto m = NewI2NPMessage (len + 100); // 96 + 4
#endif
m->Align (12); // in order to get buf aligned to 16 (12 + 4) m->Align (12); // in order to get buf aligned to 16 (12 + 4)
uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
@ -960,11 +967,19 @@ namespace garlic
if (!NewOutgoingSessionMessage (payload, len, buf, m->maxLen)) if (!NewOutgoingSessionMessage (payload, len, buf, m->maxLen))
return nullptr; return nullptr;
len += 96; len += 96;
#if OPENSSL_PQ
if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
len += i2p::crypto::MLKEM512_KEY_LENGTH + 16;
#endif
break; break;
case eSessionStateNewSessionReceived: case eSessionStateNewSessionReceived:
if (!NewSessionReplyMessage (payload, len, buf, m->maxLen)) if (!NewSessionReplyMessage (payload, len, buf, m->maxLen))
return nullptr; return nullptr;
len += 72; len += 72;
#if OPENSSL_PQ
if (m_RemoteStaticKeyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
len += i2p::crypto::MLKEM512_CIPHER_TEXT_LENGTH + 16;
#endif
break; break;
case eSessionStateNewSessionReplySent: case eSessionStateNewSessionReplySent:
if (!NextNewSessionReplyMessage (payload, len, buf, m->maxLen)) if (!NextNewSessionReplyMessage (payload, len, buf, m->maxLen))